Release v2.2.3

sorted locale file

.travis.yml

@@ -34,8 +34,9 @@ gemfile:
 services:
   - mongodb
 notifications:
-  recipients:
-    - jose.valim@plataformatec.com.br
-    - carlos@plataformatec.com.br
-    - rodrigo.flores@plataformatec.com.br
-    - rafael.franca@plataformatec.com.br
+  email: false
+  campfire:
+    on_success: change
+    on_failure: always
+    rooms:
+      - secure: "TRiqvuM4i/QmRDWjUSNitE5/P91BOzDkNl53+bZjjtxcISCswZtmECWBR7n9\n3xwqCOU1o2lfohxZ32OHOj/Nj7o+90zWJfWxcv+if0hIXRiil62M5pg0lZUd\nyJ4M5VQ0lSWo5he1OUrXhSabPJeaK3B8yT/tdh+qO5yzR+vb/jc="

CHANGELOG.rdoc

@@ -1,13 +1,31 @@
-== 2.2.0.rc
+== 2.2.3
 
-* important changes
+* bug fix
+  * Require string conversion for all values
+
+== 2.2.2
+
+* bug fix
+  * Fix bug when checking for reconfirmable in templates
+
+== 2.2.1
+
+* bug fix
+  * Fix regression with case_insensitive_keys
+  * Fix regression when password is blank when it is invalid
+
+== 2.2.0
+
+* backwards incompatible changes
+  * `headers_for` is deprecated, customize the mailer directly instead
+  * All mailer methods now expect a second argument with delivery options
   * Default minimum password length is now 8 (by @carlosgaldino)
-  * Support alternate sign in error message when email record does not exist (this adds a new I18n key to the locale file) (@gabetax)
+  * Support alternate sign in error message when email record does not exist (this adds a new I18n key to the locale file) (by @gabetax)
   * DeviseController responds only to HTML requests by default (call `DeviseController.respond_to` or `ApplicationController.respond_to` to add new formats)
   * Support Mongoid 3 onwards (by @durran)
-  * Fix unlockable which could leak account existence on paranoid mode (by @latortuga)
 
 * enhancements
+  * Fix unlockable which could leak account existence on paranoid mode (by @latortuga)
   * Confirmable now has a confirm_within option to set a period while the confirmation token is still valid (by @promisedlandt)
   * Flash messages in controller now respects `resource_name` (by @latortuga)
   * Separate `sign_in` and `sign_up` on RegistrationsController (by @rubynortheast)

Gemfile

@@ -22,8 +22,11 @@ end
 
 platforms :ruby do
   gem "sqlite3"
+end
 
+
+platforms :mri_19 do
   group :mongoid do
     gem "mongoid", "~> 3.0"
   end
-end
+end

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    devise (2.2.0.rc)
+    devise (2.2.2)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.1)
       railties (~> 3.1)
@@ -10,12 +10,12 @@ PATH
 GEM
   remote: http://rubygems.org/
   specs:
-    actionmailer (3.2.9)
-      actionpack (= 3.2.9)
+    actionmailer (3.2.11)
+      actionpack (= 3.2.11)
       mail (~> 2.4.4)
-    actionpack (3.2.9)
-      activemodel (= 3.2.9)
-      activesupport (= 3.2.9)
+    actionpack (3.2.11)
+      activemodel (= 3.2.11)
+      activesupport (= 3.2.11)
       builder (~> 3.0.0)
       erubis (~> 2.7.0)
       journey (~> 1.0.4)
@@ -23,18 +23,18 @@ GEM
       rack-cache (~> 1.2)
       rack-test (~> 0.6.1)
       sprockets (~> 2.2.1)
-    activemodel (3.2.9)
-      activesupport (= 3.2.9)
+    activemodel (3.2.11)
+      activesupport (= 3.2.11)
       builder (~> 3.0.0)
-    activerecord (3.2.9)
-      activemodel (= 3.2.9)
-      activesupport (= 3.2.9)
+    activerecord (3.2.11)
+      activemodel (= 3.2.11)
+      activesupport (= 3.2.11)
       arel (~> 3.0.2)
       tzinfo (~> 0.3.29)
-    activeresource (3.2.9)
-      activemodel (= 3.2.9)
-      activesupport (= 3.2.9)
-    activesupport (3.2.9)
+    activeresource (3.2.11)
+      activemodel (= 3.2.11)
+      activesupport (= 3.2.11)
+    activesupport (3.2.11)
       i18n (~> 0.6)
       multi_json (~> 1.0)
     arel (3.0.2)
@@ -48,7 +48,7 @@ GEM
     httpauth (0.2.0)
     i18n (0.6.1)
     journey (1.0.4)
-    json (1.7.5)
+    json (1.7.6)
     jwt (0.1.5)
       multi_json (>= 1.0)
     mail (2.4.4)
@@ -59,13 +59,13 @@ GEM
     mime-types (1.19)
     mocha (0.10.0)
       metaclass (~> 0.0.1)
-    mongoid (3.0.14)
+    mongoid (3.0.16)
       activemodel (~> 3.1)
       moped (~> 1.1)
       origin (~> 1.0)
       tzinfo (~> 0.3.22)
-    moped (1.3.1)
-    multi_json (1.4.0)
+    moped (1.3.2)
+    multi_json (1.5.0)
     multipart-post (1.1.5)
     nokogiri (1.5.5)
     oauth2 (0.8.0)
@@ -88,7 +88,7 @@ GEM
     origin (1.0.11)
     orm_adapter (0.4.0)
     polyglot (0.3.3)
-    rack (1.4.1)
+    rack (1.4.3)
     rack-cache (1.2)
       rack (>= 0.4)
     rack-openid (1.3.1)
@@ -98,22 +98,22 @@ GEM
       rack
     rack-test (0.6.2)
       rack (>= 1.0)
-    rails (3.2.9)
-      actionmailer (= 3.2.9)
-      actionpack (= 3.2.9)
-      activerecord (= 3.2.9)
-      activeresource (= 3.2.9)
-      activesupport (= 3.2.9)
+    rails (3.2.11)
+      actionmailer (= 3.2.11)
+      actionpack (= 3.2.11)
+      activerecord (= 3.2.11)
+      activeresource (= 3.2.11)
+      activesupport (= 3.2.11)
       bundler (~> 1.0)
-      railties (= 3.2.9)
-    railties (3.2.9)
-      actionpack (= 3.2.9)
-      activesupport (= 3.2.9)
+      railties (= 3.2.11)
+    railties (3.2.11)
+      actionpack (= 3.2.11)
+      activesupport (= 3.2.11)
       rack-ssl (~> 1.3.2)
       rake (>= 0.8.7)
       rdoc (~> 3.4)
       thor (>= 0.14.6, < 2.0)
-    rake (10.0.2)
+    rake (10.0.3)
     rdoc (3.12)
       json (~> 1.4)
     ruby-openid (2.2.2)

MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright 2009-2012 Plataformatec. http://plataformatec.com.br
+Copyright 2009-2013 Plataformatec. http://plataformatec.com.br
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

README.md

@@ -393,4 +393,4 @@ https://github.com/plataformatec/devise/contributors
 
 ## License
 
-MIT License. Copyright 2012 Plataformatec. http://plataformatec.com.br
+MIT License. Copyright 2009-2013 Plataformatec. http://plataformatec.com.br

app/controllers/devise/sessions_controller.rb

@@ -27,10 +27,8 @@ class Devise::SessionsController < DeviseController
     # We actually need to hardcode this as Rails default responder doesn't
     # support returning empty response on GET request
     respond_to do |format|
+      format.all { head :no_content }
       format.any(*navigational_formats) { redirect_to redirect_path }
-      format.all do
-        head :no_content
-      end
     end
   end
 

app/mailers/devise/mailer.rb

@@ -1,15 +1,15 @@
-class Devise::Mailer < ::ActionMailer::Base
+class Devise::Mailer < Devise.parent_mailer.constantize
   include Devise::Mailers::Helpers
 
-  def confirmation_instructions(record)
-    devise_mail(record, :confirmation_instructions)
+  def confirmation_instructions(record, opts={})
+    devise_mail(record, :confirmation_instructions, opts)
   end
 
-  def reset_password_instructions(record)
-    devise_mail(record, :reset_password_instructions)
+  def reset_password_instructions(record, opts={})
+    devise_mail(record, :reset_password_instructions, opts)
   end
 
-  def unlock_instructions(record)
-    devise_mail(record, :unlock_instructions)
+  def unlock_instructions(record, opts={})
+    devise_mail(record, :unlock_instructions, opts)
   end
 end

app/views/devise/mailer/reset_password_instructions.html.erb

@@ -1,6 +1,6 @@
 <p>Hello <%= @resource.email %>!</p>
 
-<p>Someone has requested a link to change your password, and you can do this through the link below.</p>
+<p>Someone has requested a link to change your password. You can do this through the link below.</p>
 
 <p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %></p>
 

app/views/devise/registrations/edit.html.erb

@@ -6,7 +6,7 @@
   <div><%= f.label :email %><br />
   <%= f.email_field :email, :autofocus => true %></div>
 
-  <% if resource.class.reconfirmable && resource.unconfirmed_email.present? %>
+  <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
     <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
   <% end %>
 
@@ -24,6 +24,6 @@
 
 <h3>Cancel my account</h3>
 
-<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %>.</p>
+<p>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %>.</p>
 
 <%= link_to "Back", :back %>

config/locales/en.yml

@@ -1,60 +1,59 @@
 # Additional translations at https://github.com/plataformatec/devise/wiki/I18n
 
 en:
+  devise:
+    confirmations:
+      confirmed: "Your account was successfully confirmed. You are now signed in."
+      send_instructions: "You will receive an email with instructions about how to confirm your account in a few minutes."
+      send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."
+    failure:
+      already_authenticated: "You are already signed in."
+      inactive: "Your account was not activated yet."
+      invalid: "Invalid email or password."
+      invalid_token: "Invalid authentication token."
+      locked: "Your account is locked."
+      not_found_in_database: "Invalid email or password."
+      timeout: "Your session expired, please sign in again to continue."
+      unauthenticated: "You need to sign in or sign up before continuing."
+      unconfirmed: "You have to confirm your account before continuing."
+    mailer:
+      confirmation_instructions:
+        subject: "Confirmation instructions"
+      reset_password_instructions:
+        subject: "Reset password instructions"
+      unlock_instructions:
+        subject: "Unlock Instructions"
+    omniauth_callbacks:
+      failure: "Could not authenticate you from %{kind} because \"%{reason}\"."
+      success: "Successfully authenticated from %{kind} account."
+    passwords:
+      no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
+      send_instructions: "You will receive an email with instructions about how to reset your password in a few minutes."
+      send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
+      updated: "Your password was changed successfully. You are now signed in."
+      updated_not_active: "Your password was changed successfully."
+    registrations:
+      destroyed: "Bye! Your account was successfully cancelled. We hope to see you again soon."
+      signed_up: "Welcome! You have signed up successfully."
+      signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated."
+      signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked."
+      signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please open the link to activate your account."
+      update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address."
+      updated: "You updated your account successfully."
+    sessions:
+      signed_in: "Signed in successfully."
+      signed_out: "Signed out successfully."
+    unlocks:
+      send_instructions: "You will receive an email with instructions about how to unlock your account in a few minutes."
+      send_paranoid_instructions: "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
+      unlocked: "Your account has been unlocked successfully. Please sign in to continue."
   errors:
     messages:
+      already_confirmed: "was already confirmed, please try signing in"
+      confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one"
       expired: "has expired, please request a new one"
       not_found: "not found"
-      already_confirmed: "was already confirmed, please try signing in"
       not_locked: "was not locked"
       not_saved:
         one: "1 error prohibited this %{resource} from being saved:"
         other: "%{count} errors prohibited this %{resource} from being saved:"
-      confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one"
-
-  devise:
-    failure:
-      already_authenticated: 'You are already signed in.'
-      unauthenticated: 'You need to sign in or sign up before continuing.'
-      unconfirmed: 'You have to confirm your account before continuing.'
-      locked: 'Your account is locked.'
-      not_found_in_database: 'Invalid email or password.'
-      invalid: 'Invalid email or password.'
-      invalid_token: 'Invalid authentication token.'
-      timeout: 'Your session expired, please sign in again to continue.'
-      inactive: 'Your account was not activated yet.'
-    sessions:
-      signed_in: 'Signed in successfully.'
-      signed_out: 'Signed out successfully.'
-    passwords:
-      send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
-      updated: 'Your password was changed successfully. You are now signed in.'
-      updated_not_active: 'Your password was changed successfully.'
-      send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
-      no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
-    confirmations:
-      send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
-      send_paranoid_instructions: 'If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes.'
-      confirmed: 'Your account was successfully confirmed. You are now signed in.'
-    registrations:
-      signed_up: 'Welcome! You have signed up successfully.'
-      signed_up_but_unconfirmed: 'A message with a confirmation link has been sent to your email address. Please open the link to activate your account.'
-      signed_up_but_inactive: 'You have signed up successfully. However, we could not sign you in because your account is not yet activated.'
-      signed_up_but_locked: 'You have signed up successfully. However, we could not sign you in because your account is locked.'
-      updated: 'You updated your account successfully.'
-      update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address."
-      destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
-    unlocks:
-      send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
-      unlocked: 'Your account has been unlocked successfully. Please sign in to continue.'
-      send_paranoid_instructions: 'If your account exists, you will receive an email with instructions about how to unlock it in a few minutes.'
-    omniauth_callbacks:
-      success: 'Successfully authenticated from %{kind} account.'
-      failure: 'Could not authenticate you from %{kind} because "%{reason}".'
-    mailer:
-      confirmation_instructions:
-        subject: 'Confirmation instructions'
-      reset_password_instructions:
-        subject: 'Reset password instructions'
-      unlock_instructions:
-        subject: 'Unlock Instructions'

gemfiles/Gemfile.rails-3.1.x

@@ -11,7 +11,7 @@ group :test do
   gem "omniauth-facebook"
   gem "omniauth-openid", "~> 1.0.1"
   gem "webrat", "0.7.2", :require => false
-  gem "mocha", :require => false
+  gem "mocha", "0.10.0", :require => false
 
   platforms :mri_18 do
     gem "ruby-debug", ">= 0.10.3"
@@ -26,8 +26,10 @@ end
 
 platforms :ruby do
   gem "sqlite3"
+end
 
+platforms :mri_19 do
   group :mongoid do
     gem "mongoid", "~> 3.0"
   end
-end
+end

gemfiles/Gemfile.rails-3.1.x.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ..
   specs:
-    devise (2.1.2)
+    devise (2.2.0)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.1)
       railties (~> 3.1)
@@ -10,48 +10,48 @@ PATH
 GEM
   remote: http://rubygems.org/
   specs:
-    actionmailer (3.1.4)
-      actionpack (= 3.1.4)
-      mail (~> 2.3.0)
-    actionpack (3.1.4)
-      activemodel (= 3.1.4)
-      activesupport (= 3.1.4)
+    actionmailer (3.1.10)
+      actionpack (= 3.1.10)
+      mail (~> 2.3.3)
+    actionpack (3.1.10)
+      activemodel (= 3.1.10)
+      activesupport (= 3.1.10)
       builder (~> 3.0.0)
       erubis (~> 2.7.0)
       i18n (~> 0.6)
       rack (~> 1.3.6)
-      rack-cache (~> 1.1)
+      rack-cache (~> 1.2)
       rack-mount (~> 0.8.2)
       rack-test (~> 0.6.1)
-      sprockets (~> 2.0.3)
-    activemodel (3.1.4)
-      activesupport (= 3.1.4)
+      sprockets (~> 2.0.4)
+    activemodel (3.1.10)
+      activesupport (= 3.1.10)
       builder (~> 3.0.0)
       i18n (~> 0.6)
-    activerecord (3.1.4)
-      activemodel (= 3.1.4)
-      activesupport (= 3.1.4)
+    activerecord (3.1.10)
+      activemodel (= 3.1.10)
+      activesupport (= 3.1.10)
       arel (~> 2.2.3)
       tzinfo (~> 0.3.29)
-    activeresource (3.1.4)
-      activemodel (= 3.1.4)
-      activesupport (= 3.1.4)
-    activesupport (3.1.4)
-      multi_json (~> 1.0)
-    addressable (2.2.7)
+    activeresource (3.1.10)
+      activemodel (= 3.1.10)
+      activesupport (= 3.1.10)
+    activesupport (3.1.10)
+      multi_json (>= 1.0, < 1.3)
     arel (2.2.3)
     bcrypt-ruby (3.0.1)
-    builder (3.0.0)
+    builder (3.0.4)
     columnize (0.3.6)
     erubis (2.7.0)
-    faraday (0.7.6)
-      addressable (~> 2.2)
+    faraday (0.8.4)
       multipart-post (~> 1.1)
-      rack (~> 1.1)
     hashie (1.2.0)
     hike (1.2.1)
-    i18n (0.6.0)
-    json (1.7.0)
+    httpauth (0.2.0)
+    i18n (0.6.1)
+    json (1.7.6)
+    jwt (0.1.5)
+      multi_json (>= 1.0)
     linecache (0.46)
       rbx-require-relative (> 0.0.4)
     mail (2.3.3)
@@ -59,36 +59,39 @@ GEM
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
     metaclass (0.0.1)
-    mime-types (1.18)
-    mocha (0.10.4)
+    mime-types (1.19)
+    mocha (0.10.0)
       metaclass (~> 0.0.1)
-    mongoid (3.0.12)
+    mongoid (3.0.16)
       activemodel (~> 3.1)
       moped (~> 1.1)
       origin (~> 1.0)
       tzinfo (~> 0.3.22)
-    moped (1.2.9)
-    multi_json (1.3.4)
+    moped (1.3.2)
+    multi_json (1.2.0)
     multipart-post (1.1.5)
-    nokogiri (1.5.0)
-    oauth2 (0.5.2)
-      faraday (~> 0.7)
+    nokogiri (1.5.6)
+    oauth2 (0.8.0)
+      faraday (~> 0.8)
+      httpauth (~> 0.1)
+      jwt (~> 0.1.4)
       multi_json (~> 1.0)
-    omniauth (1.0.2)
+      rack (~> 1.2)
+    omniauth (1.0.3)
       hashie (~> 1.2)
       rack
-    omniauth-facebook (1.2.0)
-      omniauth-oauth2 (~> 1.0.0)
-    omniauth-oauth2 (1.0.0)
-      oauth2 (~> 0.5.0)
+    omniauth-facebook (1.4.0)
+      omniauth-oauth2 (~> 1.0.2)
+    omniauth-oauth2 (1.0.3)
+      oauth2 (~> 0.8.0)
       omniauth (~> 1.0)
     omniauth-openid (1.0.1)
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
-    origin (1.0.10)
+    origin (1.0.11)
     orm_adapter (0.4.0)
     polyglot (0.3.3)
-    rack (1.3.6)
+    rack (1.3.8)
     rack-cache (1.2)
       rack (>= 0.4)
     rack-mount (0.8.3)
@@ -98,25 +101,25 @@ GEM
       ruby-openid (>= 2.1.8)
     rack-ssl (1.3.2)
       rack
-    rack-test (0.6.1)
+    rack-test (0.6.2)
       rack (>= 1.0)
-    rails (3.1.4)
-      actionmailer (= 3.1.4)
-      actionpack (= 3.1.4)
-      activerecord (= 3.1.4)
-      activeresource (= 3.1.4)
-      activesupport (= 3.1.4)
+    rails (3.1.10)
+      actionmailer (= 3.1.10)
+      actionpack (= 3.1.10)
+      activerecord (= 3.1.10)
+      activeresource (= 3.1.10)
+      activesupport (= 3.1.10)
       bundler (~> 1.0)
-      railties (= 3.1.4)
-    railties (3.1.4)
-      actionpack (= 3.1.4)
-      activesupport (= 3.1.4)
+      railties (= 3.1.10)
+    railties (3.1.10)
+      actionpack (= 3.1.10)
+      activesupport (= 3.1.10)
       rack-ssl (~> 1.3.2)
       rake (>= 0.8.7)
       rdoc (~> 3.4)
       thor (~> 0.14.6)
-    rake (0.9.2.2)
-    rbx-require-relative (0.0.5)
+    rake (10.0.3)
+    rbx-require-relative (0.0.9)
     rdoc (3.12)
       json (~> 1.4)
     ruby-debug (0.10.4)
@@ -124,18 +127,18 @@ GEM
       ruby-debug-base (~> 0.10.4.0)
     ruby-debug-base (0.10.4)
       linecache (>= 0.3)
-    ruby-openid (2.1.8)
+    ruby-openid (2.2.2)
     sprockets (2.0.4)
       hike (~> 1.2)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
-    sqlite3 (1.3.5)
+    sqlite3 (1.3.6)
     thor (0.14.6)
     tilt (1.3.3)
-    treetop (1.4.10)
+    treetop (1.4.12)
       polyglot
       polyglot (>= 0.3.1)
-    tzinfo (0.3.33)
+    tzinfo (0.3.35)
     warden (1.2.1)
       rack (>= 1.0)
     webrat (0.7.2)
@@ -151,7 +154,7 @@ DEPENDENCIES
   activerecord-jdbcsqlite3-adapter
   devise!
   jruby-openssl
-  mocha
+  mocha (= 0.10.0)
   mongoid (~> 3.0)
   omniauth (~> 1.0.0)
   omniauth-facebook

lib/devise.rb

@@ -43,7 +43,7 @@ module Devise
   # True values used to check params
   TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
 
-  # Custom domain for cookies. Not set by default
+  # Custom domain or key for cookies. Not set by default
   mattr_accessor :rememberable_options
   @@rememberable_options = {}
 
@@ -199,6 +199,12 @@ module Devise
   mattr_accessor :parent_controller
   @@parent_controller = "ApplicationController"
 
+  # The parent mailer all Devise mailers inherit from.
+  # Defaults to ActionMailer::Base. This should be set early
+  # in the initialization process and should be set to a string.
+  mattr_accessor :parent_mailer
+  @@parent_mailer = "ActionMailer::Base"
+
   # The router Devise should use to generate routes. Defaults
   # to :main_app. Should be overriden by engines in order
   # to provide custom routes.

lib/devise/controllers/rememberable.rb

@@ -23,14 +23,14 @@ module Devise
       def remember_me(resource)
         scope = Devise::Mapping.find_scope!(resource)
         resource.remember_me!(resource.extend_remember_period)
-        cookies.signed["remember_#{scope}_token"] = remember_cookie_values(resource)
+        cookies.signed[remember_key(resource, scope)] = remember_cookie_values(resource)
       end
 
       # Forgets the given resource by deleting a cookie
       def forget_me(resource)
         scope = Devise::Mapping.find_scope!(resource)
         resource.forget_me!
-        cookies.delete("remember_#{scope}_token", forget_cookie_values(resource))
+        cookies.delete(remember_key(resource, scope), forget_cookie_values(resource))
       end
 
       protected
@@ -47,6 +47,10 @@ module Devise
           :expires => resource.remember_expires_at
         )
       end
+
+      def remember_key(resource, scope)
+        resource.rememberable_options.fetch(:key, "remember_#{scope}_token")
+      end
     end
   end
-end
+end

lib/devise/mailers/helpers.rb

@@ -11,9 +11,9 @@ module Devise
       protected
 
       # Configure default email options
-      def devise_mail(record, action)
+      def devise_mail(record, action, opts={})
         initialize_from_record(record)
-        mail headers_for(action)
+        mail headers_for(action, opts)
       end
 
       def initialize_from_record(record)
@@ -25,16 +25,19 @@ module Devise
         @devise_mapping ||= Devise.mappings[scope_name]
       end
 
-      def headers_for(action)
+      def headers_for(action, opts)
         headers = {
-          :subject       => translate(devise_mapping, action),
+          :subject       => subject_for(action),
           :to            => resource.email,
           :from          => mailer_sender(devise_mapping),
           :reply_to      => mailer_reply_to(devise_mapping),
-          :template_path => template_paths
-        }
+          :template_path => template_paths,
+          :template_name => action
+        }.merge(opts)
 
         if resource.respond_to?(:headers_for)
+          ActiveSupport::Deprecation.warn "Calling headers_for in the model is no longer supported. " <<
+            "Please customize your mailer instead."
           headers.merge!(resource.headers_for(action))
         end
 
@@ -83,8 +86,8 @@ module Devise
       #         confirmation_instructions:
       #           subject: '...'
       #
-      def translate(mapping, key)
-        I18n.t(:"#{mapping.name}_subject", :scope => [:devise, :mailer, key],
+      def subject_for(key)
+        I18n.t(:"#{devise_mapping.name}_subject", :scope => [:devise, :mailer, key],
           :default => [:subject, key.to_s.humanize])
       end
     end

lib/devise/models/authenticatable.rb

@@ -93,10 +93,6 @@ module Devise
       def authenticatable_salt
       end
 
-      def headers_for(name)
-        {}
-      end
-
       array = %w(serializable_hash)
       # to_xml does not call serializable_hash on 3.1
       array << "to_xml" if Rails::VERSION::STRING[0,3] == "3.1"
@@ -159,8 +155,8 @@ module Devise
       #       end
       #     end
       #
-      def send_devise_notification(notification)
-        devise_mailer.send(notification, self).deliver
+      def send_devise_notification(notification, opts={})
+        devise_mailer.send(notification, self, opts).deliver
       end
 
       def downcase_keys
@@ -172,7 +168,16 @@ module Devise
       end
 
       def apply_to_attribute_or_variable(attr, method)
-        (self[attr] || send(attr)).try(method)
+        if self[attr]
+          self[attr].try(method)
+
+        # Use respond_to? here to avoid a regression where globally
+        # configured strip_whitespace_keys or case_insensitive_keys were
+        # attempting to strip! or downcase! when a model didn't have the
+        # globally configured key.
+        elsif respond_to?(attr)
+          send(attr).try(method)
+        end
       end
 
       module ClassMethods
@@ -209,21 +214,20 @@ module Devise
         # namedscope to filter records while authenticating.
         # Example:
         #
-        #   def self.find_for_authentication(conditions={})
-        #     conditions[:active] = true
-        #     super
+        #   def self.find_for_authentication(tainted_conditions)
+        #     find_first_by_auth_conditions(tainted_conditions, active: true)
         #   end
         #
         # Finally, notice that Devise also queries for users in other scenarios
         # besides authentication, for example when retrieving an user to send
         # an e-mail for password reset. In such cases, find_for_authentication
         # is not called.
-        def find_for_authentication(conditions)
-          find_first_by_auth_conditions(conditions)
+        def find_for_authentication(tainted_conditions)
+          find_first_by_auth_conditions(tainted_conditions)
         end
 
-        def find_first_by_auth_conditions(conditions)
-          to_adapter.find_first devise_param_filter.filter(conditions)
+        def find_first_by_auth_conditions(tainted_conditions, opts={})
+          to_adapter.find_first(devise_param_filter.filter(tainted_conditions).merge(opts))
         end
 
         # Find an initialize a record setting an error if it can't be found.

lib/devise/models/confirmable.rb

@@ -87,7 +87,9 @@ module Devise
         @reconfirmation_required = false
 
         generate_confirmation_token! if self.confirmation_token.blank?
-        send_devise_notification(:confirmation_instructions)
+
+        opts = pending_reconfirmation? ? { :to => unconfirmed_email } : { }
+        send_devise_notification(:confirmation_instructions, opts)
       end
 
       # Resend confirmation token. This method does not need to generate a new token.
@@ -123,14 +125,6 @@ module Devise
         @bypass_postpone = true
       end
 
-      def headers_for(action)
-        headers = super
-        if action == :confirmation_instructions && pending_reconfirmation?
-          headers[:to] = unconfirmed_email
-        end
-        headers
-      end
-
       protected
 
         # A callback method used to deliver confirmation

lib/devise/models/database_authenticatable.rb

@@ -64,7 +64,6 @@ module Devise
         result = if valid_password?(current_password)
           update_attributes(params, *options)
         else
-          params.delete(:password)
           self.assign_attributes(params, *options)
           self.valid?
           self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)

lib/devise/param_filter.rb

@@ -33,9 +33,8 @@ module Devise
 
     private
 
-    # Determine which values should be transformed to string or passed as-is to the query builder underneath
     def param_requires_string_conversion?(value)
-      [Fixnum, TrueClass, FalseClass, Regexp].none? {|clz| value.is_a? clz }
+      true
     end
   end
 end

lib/devise/strategies/rememberable.rb

@@ -41,7 +41,7 @@ module Devise
       end
 
       def remember_key
-        "remember_#{scope}_token"
+        mapping.to.rememberable_options.fetch(:key, "remember_#{scope}_token")
       end
 
       def remember_cookie
@@ -52,4 +52,4 @@ module Devise
   end
 end
 
-Warden::Strategies.add(:rememberable, Devise::Strategies::Rememberable)
+Warden::Strategies.add(:rememberable, Devise::Strategies::Rememberable)

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "2.2.0.rc".freeze
+  VERSION = "2.2.3".freeze
 end

lib/generators/templates/simple_form_for/registrations/edit.html.erb

@@ -6,7 +6,7 @@
   <div class="form-inputs">
     <%= f.input :email, :required => true, :autofocus => true %>
 
-    <% if resource.class.reconfirmable && resource.unconfirmed_email.present? %>
+    <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
       <p>Currently waiting confirmation for: <%= resource.unconfirmed_email %></p>
     <% end %>
 

test/integration/authenticatable_test.rb

@@ -517,6 +517,25 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
     assert_response :no_content
     assert_not warden.authenticated?(:user)
   end
+
+  test 'sign out with non-navigational format via XHR does not redirect' do
+    swap Devise, :navigational_formats => ['*/*', :html] do 
+      sign_in_as_user
+      xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*.
+      assert_response :no_content
+      assert_not warden.authenticated?(:user)
+    end
+  end
+
+  # Belt and braces ... Perhaps this test is not necessary?
+  test 'sign out with navigational format via XHR does redirect' do
+    swap Devise, :navigational_formats => ['*/*', :html] do 
+      sign_in_as_user
+      xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "text/html,*/*" }
+      assert_response :redirect
+      assert_not warden.authenticated?(:user)
+    end
+  end
 end
 
 class AuthenticationKeysTest < ActionController::IntegrationTest

test/integration/registerable_test.rb

@@ -214,7 +214,7 @@ class RegistrationTest < ActionController::IntegrationTest
     sign_in_as_user
     get edit_user_registration_path
 
-    click_link "Cancel my account", :method => :delete
+    click_button "Cancel my account"
     assert_contain "Bye! Your account was successfully cancelled. We hope to see you again soon."
 
     assert User.all.empty?
@@ -344,4 +344,4 @@ class ReconfirmableRegistrationTest < ActionController::IntegrationTest
     assert_equal "admin.new@example.com", Admin.first.unconfirmed_email
     assert Admin.first.valid_password?('pas123')
   end
-end
+end

test/integration/rememberable_test.rb

@@ -57,6 +57,13 @@ class RememberMeTest < ActionController::IntegrationTest
     end
   end
 
+  test 'generate remember token with a custom key' do
+    swap Devise, :rememberable_options => { :key => "v1lat_token" } do
+      user = sign_in_as_user :remember_me => true
+      assert request.cookies["v1lat_token"]
+    end
+  end
+
   test 'generate remember token after sign in setting session options' do
     begin
       Rails.configuration.session_options[:domain] = "omg.somewhere.com"

test/models/authenticatable_test.rb

@@ -4,4 +4,10 @@ class AuthenticatableTest < ActiveSupport::TestCase
   test 'required_fields should be an empty array' do
     assert_equal Devise::Models::Validatable.required_fields(User), []
   end
-end
+
+  test 'find_first_by_auth_conditions allows custom filtering parameters' do
+    user = User.create!(email: "example@example.com", password: "123456")
+    assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user
+    assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id + 1), nil
+  end
+end

test/models/database_authenticatable_test.rb

@@ -34,16 +34,22 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     assert_equal email.strip, user.email
   end
 
-  test "param filter should not convert booleans and integer to strings" do
-    conditions = { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
-    conditions = Devise::ParamFilter.new([], []).filter(conditions)
-    assert_equal( { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => "1..10" }, conditions)
+  test "doesn't throw exception when globally configured strip_whitespace_keys are not present on a model" do
+    swap Devise, :strip_whitespace_keys => [:fake_key] do
+      assert_nothing_raised { create_user }
+    end
   end
 
-  test "param filter should not convert regular expressions to strings" do
-    conditions = { "regexp" => /expression/ }
+  test "doesn't throw exception when globally configured case_insensitive_keys are not present on a model" do
+    swap Devise, :case_insensitive_keys => [:fake_key] do
+      assert_nothing_raised { create_user }
+    end
+  end
+
+  test "param filter should not convert booleans and integer to strings" do
+    conditions = { "login" => "foo@bar.com", "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
     conditions = Devise::ParamFilter.new([], []).filter(conditions)
-    assert_equal( { "regexp" => /expression/ }, conditions)
+    assert_equal( { "login" => "foo@bar.com", "bool1" => "true", "bool2" => "false", "fixnum" => "123", "will_be_converted" => "1..10" }, conditions)
   end
 
   test 'should respond to password and password confirmation' do
@@ -120,13 +126,6 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     assert_match "is invalid", user.errors[:current_password].join
   end
 
-  test 'should not change encrypted password when it is invalid' do
-    user = create_user
-    assert_not user.update_with_password(:current_password => 'other',
-      :password => 'pass4321', :password_confirmation => 'pass4321')
-    assert_not user.encrypted_password_changed?
-  end
-
   test 'should add an error to current password when it is blank' do
     user = create_user
     assert_not user.update_with_password(:password => 'pass4321',